Small-town street scene in Illinois American flag flapping in breeze by huge painted American flag fading from brick wall
 

Episode #48: What's Going Well in Cybersecurity Today? More than you might think...

This week the guys discuss the good steps forward that are making the cybersecurity industry strong, from awareness to technologies, education to growing the workforce. They share the silver linings in the turmoil, plus some areas for improvement in the industry.



Pick up your copy of Cyber Rants on Amazon.
Looking to take your Cyber Security to the next level? Visit us at www.silentsector.com
Be sure to rate the podcast, leave us a review, and subscribe!

Mike's Headlines:

FBI ISSUES WARNING OF MALICIOUS UNEMPLOYMENT WEBSITES

WISCONSIN MILK PROCESSING COMPANY SURVIVES RANSOMWARE ATTACK

FBI: MEET THE “HELLOKITTY” RANSOMWARE GANG

Minecraft Japanese Gamers Hit by Chaos Ransomware Using Alt Lists as Lure
Google to Pay Hackers $31,337 for Exploiting Patched Linux Kernel Flaws
Office 365 Phishing Campaign Uses Kaspersky’s Amazon SES Token
Cybercriminals Sell Access to International Shipping, Logistics Giants

Alert! Hackers Exploiting Gitlab Unauthenticated Rce Flaw in the Wild
FBI: Ransomware Targets Companies During Mergers and Acquisitions
Hive Ransomware Now Encrypts Linux and Freebsd Systems
New 'Trojan Source' Technique Lets Hackers Hide Vulnerabilities in Source Code

10103417-small

Send Us Your Questions & Rants!

welcome to the cyber rants podcast where we're all about sharing the forbidden secrets and slightly embellished truths
about corporate cyber security programs we're ranting we're raving and we're
telling you the stuff that nobody talks about on their fancy website and trade show giveaways all to protect you from
cyber criminals and now here's your hosts mike rotondo zack fuller and lauro
chavez ladies and gentlemen welcome to the cyber rants podcast this is your co-host
zach fuller joined by mike rotondo and lauro chavez and we are going to have a
good conversation today but before we do mike why don't you kick us off with the news
good day and welcome to the news we've got some interesting news we're not doing the standard stuff today but uh first of
first of all we have fbi issues warning of malicious unemployment websites apparently the fbi has
warned the us public that threat actors actively using fake and spoofed unemployment benefit websites
to harvest sensitive financial and personal information from unsuspecting victims sites used in these attacks are
designed to closely resemble official official government platforms to trick the targets into giving away their info
these spoofed websites imitate the appearance of and can be easily mistaken for legitimate websites
offering unemployment benefits sorry for repeating myself i'm not that old they're beating they're
beating people while they're down basically it's like hey you're unemployed yeah
now we're gonna steal your identity make yourself even more
that's a great walk out right it kind of does and even dovetail on that i've seen some really weird
linkedin job requests ask and say yeah you know if this sounds great why don't you just send me your number and your
email address and we'll get right to you yeah learn how to flip houses in your spare
time it's credit card processing fee of only five dollars just enter your card number here exactly it's four eight four
seven three oh so on another note wisconsin milk processing company survives a ransomware
attack wisconsin state farmer reported this week that schreiber a milk processing company one of the biggest
milk processors in the state had been hit with a 2.5 million dollar ransom demand after the attack the attack
disrupted the entire milk supply chain didn't know there was one because schreiber uses a variety of digital
systems and computers to manage milk processing uh additionally new cooperative an iowa-based farm service provider was hit
with ransomware attack on september 20th and black matter a ransomware outfit demanded a 5.9 million ransom
uh for crystal valley based in minnesota both attacks came as harvest began to ramp up for farmers so
additional supply chain issues is a ransomware attacking food processor this
i added just because i wanted to save fbi meet the hello kitty ransomware
fbi has sent a flash alert warning private industry partners that the hello kitty ransomware gang aka five hands has
added ddos attacks to their arsenal of extortion tactics hello kitty is also known for stealing
sensitive documents from victims compromise servers before encrypting them the excel traded files are later
used as leverage pressure the victims into paying the ransom under the threat of leaking the
stone data online next minecraft japanese gamers hit by chaos ransomware using alt lists as lure
fortiguard labs recently discovered a variant of the chaos ransomware that appears to target minecraft gamers in
japan the variant not only encrypts certain files but also destroys others running them unrecoverable if gamers fall prey
to the attack choosing to pay the ransom may still lead to loss of data oh no they're losing their worlds oh that's
just going to be so frustrating because they've just spent thousands of hours making their minecraft worlds and now
they're just locked they already threw away a bunch of their life what's a little more right exactly
yeah hold off further that was probably very offensive
i'm offended i'm people i mean you know i i i don't know i i'm i'm not a big gamer
i just i don't i think it's
great to have a hobby and that sort of thing but it when when i always see these things about people just completely letting it take over their
lives and that becomes their new reality that's that's just too far i used to have a roommate in college that would
come home on friday afternoon pour himself a glass of scotch and i wouldn't see him again till sunday because he'd be in there playing doom
so wow yeah wow well you just dated yourself a little there
yeah doom one the original doom it wasn't there wasn't one it was dude
it's just that was back when he had to you know
had a coal-fired computer i got quick i got quake on the nintendo
switch speaking of gamers you guys can do whatever you want in your spare time you know i'm going to continue to play video games and you can just zip your
scotch and pet your cats your mountain bike that's fine what is the spare time you speak of
right okay like as an excess extra no no i'm talking i'm talking about look
all i really need is you know 15 to 25 minutes
just sporadically throughout the day that's really all that's really all i need to to get things just right and
still stay connected with the gamer community and the gamer and myself first off so yeah um you know anyways but yeah you
shouldn't you should you certainly shouldn't like be sneaking out of work early to go you know play
halo internet a that's a healthy amount of gaming and that's what gaming is good for right
it's those little breaks and things like that not uh 16-hour binges where you
drink mountain dew and eat donuts the whole time what do you got against donuts and playing games i still fail to
understand the the reasoning behind this sounds fantastic the star wars movies playing in the background too
i don't have to drink the mountain dew but they could be there you know what i mean i might need a donut
look i used to go to lan parties like let me tell you something i would look there were times on deployments and
you've seen pictures i don't have to this is public knowledge there's times and deployments where we might have been playing
some multiplayer video games okay because well it was spades or dominoes or hearts
or p knuckle i don't i don't still understand that one or you know we could do multiplayer
for the techies and you know it would be two versus everybody else because you know there's only only two gamers um so that always
made it fun uh but in any case you know i mean everybody has their thing ever has their thing yeah deployments i
i when we weren't out out in the field fighting it was always uh fixing the the
diesel generator and and uh that was that was my my game
diesel generators yeah because when that goes down all the air conditioning and the
cooling units and stuff in your tent uh your tent go down and nobody's happy
that's right so now you know now you know what it feels like to lose a minecraft world right now okay i guess i guess that's right it
comes full sir anyway sorry it took us way off circle back
circle back carry on so uh the next story we have is google
to pay hackers i have no idea how they came up with this number thirty one thousand three hundred and thirty seven dollars for
exploiting patch linux kernel flaws it's like someone just rolled some dice and went hey this number works uh google
announced that it will pay security researchers to find exploits using vulnerabilities previously or mediated
or otherwise over the next three months as part of a new bug boundary program to improve their security of the linux
journal google is expected to issue rewards worth 31 337 dollars for exploiting privilege
escalation in a lab environment for the past vulnerability an amount that can climb to fifty thousand three hundred
thirty seven dollars for working exploits that take advantage of zero day flaws in the colonel and other undocumented attack techniques
again where they came up with these numbers i don't know but anyway
if you've got some spare time and you're not gaming or fixing the diesel generator google will pay you to hack so that's
cool that seems seems reasonable seems like reasonable funds reasonable pay for fun yeah it's just like a weird number
though you know it is kind of weird it's easier getting paid hacking for google that is playing fortnite pro i'm just saying
probably all right that's all i got laura what do you got for us oh i'm sorry i was playing games
let me get back to the podcast here so for for exploits this week you know i just want to bring up i guess
i'll i'll preface the conversation with saying we're not going to talk about wordpress beyond this this this episode
so you've if you've listened to the past 40 whatever million episodes that we've had i can't remember but you can go back
six 636 000 episodes anyways but we're we're pretty much we're ending the conversation on on wordpress from an
exploit plug-in perspective if you're gonna play with fire well you should wear some oven mitts so
uh if you if you don't know go back and listen and if you're still um if you're still out there just make sure you do
your homework um if you're using that software um this week we're going to talk about fuel cms it's a content
management application it's got a remote code execution on version 1.4.1
so this payload exists out there for metasploit we pull this in and we can execute this against the the
remote the remote system pretty much immediately so if you've got 1.4.1 of fuel cms make sure you're
upgrading that and to bring back the speaking of meow the hello kitty gang
right let's let's talk about the meow attack okay this if you don't remember this happened back in um in the summer
of 2020 it was a it was a date did not work there's a database grabs really what it was database grab and destroy
pillage it was barbaric is what it was okay so the ericsson network location nps like
gpc there's a so this is what's probably happened to a lot of the feedlots with the malware is that they're probably
using a lot of this ericsson network location stuff that goes up on towers right and so anyways if you're using that that gmp c21 you want to you want
to get off of that right now and get get your support team to get those those systems upgraded
or at least try to segment them from the internet because um the metasploit payload for that for that attack is
pretty much there now and so it does um remote code execution with the ericsson network location gear running on that
that gmp c21 so make sure you're you're trying to get off of that so i kind of was you know
curious and that's speculation right we don't we don't know that for a fact but we we know that a lot of these
agricultural organizations are leveraging technology and because they have equipment and they have large lots
in large places they're they're you know kind of spanned out using some of this supported array
um for internet mesh and location mesh and everything else over there giant farms and giant ranches that they have
so you know it's it's it to me it's kind of heartbreaking that they're they're kicking us in that in that part of the
part of the chest it's pretty painful but um so if you're if you're leveraging that eric's and stuff get get get
checking with your reps and all that and see if you can't get get yourself updated in a in a timely manner that's
all we have for exploit this week again not going to mention wordpress no more wordpress we're not allowed to say
that's the final time we say it it is the unspoken the unspeakable the unsupposed sadly i will continue to
mention microsoft kind of
outstanding let's uh dive into some other topics and see where our conversation
takes us but before we do take a quick break get some water be right back want
even more cyber rants be sure to subscribe to the cyber rants podcast get
your copy of our best-selling book cyber rants on amazon today this podcast is brought to you by silent
sector a firm dedicated to building world-class cyber security programs for mid-market and emerging companies across
the us silent sector also provides industry-leading penetration tests and cyber risk assessments visit
silentsector.com and contact us today and we're back [Music]
there's a lot happening in the world of cybersecurity i think that's pretty pretty obvious
a lot of new things but a lot that's the same too right a lot of fundamentals
that need to be in place and all that but i thought we'd start with some things that are going well
i mean i i think that their i think the industry is is uh
quite a ways ahead of where it was say five years ago right so um that's good i mean i know we
we joke a lot we talk a lot about all the stuff that's wrong how it should be that's kind of the cyber rants right
ranting about what's going on and um kind of where where things are missing the mark but
that said um i'm seeing a tremendous amount of of
activity in just the education space and trying to get people into this industry so that's been good
there's a lot more people and i get people reaching out
pretty regularly uh students in their in their bachelor's and master's programs asking
okay well i'm doing these things what else should i be doing certifications that sort of things that's encouraging people the the industry has become
much more front and center and recognized as an actual industry not a subset of i.t
like before and then as a result i think it's breeding more talent
so that's something i'll point out i think is going well um and then another thing
i think is going well is um although it's not all about tools and technologies right that's as we say over
and over really comes down to the human element you know i think there's good good progress made and some things that
can create efficiencies for organizations and some really cool stuff out there that does like really good
capabilities for endpoint protection that sort of thing so um a few other things
going on but i'd say those are those are some of the main ones you know we we have there's certainly other things that
we could talk about in the compliance realm and stuff that's not quite like we we want to see it happen but that said
what do you guys think any anything new happening that's caught your eye that you're excited about i'm sorry i was playing video games again what were we
talking about yeah no you know i i think those are two great great things to bring up um i will bring up a compliance
thing because i'm really excited to see this um when you're a dinosaur like mike and you've been through pretty much you know
everything in i.t you remember when you know
you are wrong anyway so you know the questionnaire the
security questionnaire has been a thing that we've kind of watched evolve for the last almost 20 years
and now seeing it really have traction in the industry and organizations like pci
and enlighten us that are you know kind of talking about this this kind of proactive vendor management um stuff
that are kind of helping these companies really develop these questionnaires and and they're advocating cyber security
they don't they don't know it they think they're trying to meet compliance but really what they're doing is they're advocating cyber security and this has
sort of caused this this this chain of of of effect right with all these
organizations now being met with at the other end of this and saying oh wow i've never i've never seen this type of you
know this type of inquisition before you know about our technical and security capabilities so it's i i like to i think
i think that's a good thing to talk about because that's really really invoked i'd i'll call it a cyber
security revolution i'm gonna i'm gonna go ahead and point at that because i i think it's safe to say that
like you said zach a lot has changed in the last five years we've seen a huge ramp and a lot of things has probably been
because we've had to right i mean we've been under consistent attack for 20 years from the cyber from the cyber
perspective maybe longer um ever since the internet was connected pretty pretty much with anybody else in the united
states and our danny university i'll just say that because you know there's always the university guys
so close to the account anyways but you know like there's i think
there's a um you know if you're if you're not from lubbock texas then it might not make sense but if you
um if you look at the that that evolution of the questionnaire and how it's kind of provoked these companies to
kind of self-ignite this cyber security this cyber security um
you know call up just a like a like a road map that they don't know where they're going but they're like i gotta i gotta go
someplace right so where do i go you buy cyber rants of course but um
you know i i think that we've really seen that cyber evolution happen over over the last probably you know two or
three years really starting to take traction in the industry um and you can just i mean we could tell with our business i'm sure all the other
cyber security we can see it with the need for professionals being higher than ever
you know and um the need for american companies to to do something is
higher than ever so what what better time really you know so that's what i see is good yeah i'm
seeing a lot with startups in that they're getting hit with these and they're reaching out to companies like us to say how do we deal with this
so it's good and especially if you're a startup you're building from green fields and can build it
to be secure from the start as opposed to trying to retrofit security which is
always a problem yeah and that's what our hope would be right is that everybody would put cyber
security up front right those those you know understanding what data they're going to have and how they should how they should handle it and
how they should prevent misuse and those sorts of things with with their technologies is it should be like top of
mind not how we're going to make a million dollars off everybody you know i mean
yeah the these companies even small businesses now are are finally
um starting to see cyber security as a requirement and putting resources into
it and um out of that too in larger enterprises that have
a chief information security officer right they are getting a better seat um at the table
right i think that it's been a long long time they've been they've been there they've been around but a lot of times
are just not really hurt or kind of like you know you sit in the corner because you're not driving revenue that sort of
thing and i think that that that discussion is changing they're showing ways that they can make the company
better overall and really getting getting heard um and to
the point where some will report directly to the board right because the boards are that that
concern and realize that it's it's of such importance that now they um want to make sure that they're
that their organization is covered so a lot of there's a lot of visibility increase oh just in the last five years
or so ceases are getting more technical for a long time it was someone that made
a lateral move from accounting or something like that to oversee cyber security and we're now seeing
security professionals moving into those roles in a lot of ways yeah technical leadership thank you mike that's a great
point we're seeing more technical leadership where it needs to be technical leadership and not you know
executive leadership that just because you're good at you know quote-unquote being a you know a director or whatever right so
you know it gleans more respect from your your peers and your subordinates and that whole bit um the other thing i
think i'll say is um i i think i'm i'm i really feel as part of the cyber
evolution that's happening right that we've we're starting as a whole in the united states to lower our attack surface
i think you know all the questionnaires and and all the drive for um a more rigorous cybersecurity program
and you know following a framework and that is it leads to that continuous scanning which you know as a byproduct leads to
that reduced um you know vulnerability surface because you're not you know using a you realize that the windows tensor we have a patch for you know four
years probably needs to be updated now because the scanner is barking all kinds of red colors at you so i mean things like that are good
right even you know we've we've seen from our own clients that that surface being really narrowed down to where it's
almost non-existent now there's always going to be trusted software zero days there's nothing we can do to get around that um
you know that that's gonna happen in all pretty much products you're gonna have the you know the cigar humidifier that you buy that you know comes out after
like four days um or the blender or you know the vehicle or you know so you know
trusted software is always going to have that potential which i i'd like to see more companies do what google's i wish microsoft to reach out like google's
reached out and offer a more i guess unified bounty system for
identifying stuff with them you know and are in a real like shot at open development um speaking of companies that didn't put
cybersecurity first anyways if if microsoft if microsoft offers thirty
one thousand three hundred and seventy eight dollars instead of three hundred thirty seven dollars there they'll be a step ahead so
that's a free business tip to microsoft i won't even charge a consulting fee for that
we'll waive the 350 an hour yeah yeah they want to be leaked right with the money that they're given they
should put like you know maybe i don't know like 14 threes behind it with no periods or commas
that's fine that'd be enough that'd be enough that'd be enough and then i would say that you know you'd probably get a lot of good researchers coming to help
you out yeah you know and speaking of technical leadership i would really rather have
someone with 20 years of experience with no college education who's been working in i.t security for that amount of time
than some new graduate of kellogg business school or one of those being a c-level executive as a cso
and i don't think the college education prepares you for the actual real world issues of
cyber security so now we're going to start some sort of like educational piece and and i guess
you know i think a lot of the it really doesn't i think it's good that you know you know
zac you mentioned that we've got we've got educational programs towards that now and and i think that's a really
good thing and i think that a lot of these schools are providing really good
um you know labs and things for the students to to really get a get an idea
of the fundamentals of cyber security and just basic it it functions work right so i think it's really good that they're
doing but you know we've i think in the past we can also attest that you know some of the more governance and
compliance driven pieces that are more prevalent are kind of weaker right i mean it's you know everybody wants to be a pen tester but uh you know
unfortunately that's on you know for an organization that's a real small amount of work um it's an important piece of
work but it's a small piece of the of a larger machine that's running in cyber security well
we're having issues with is we're still getting people that are conflating compliance with security
and i you know ran into this with a client recently where you know well we're doing the minimum for the
compliance solution but that's not making you secure so that's something that we need to focus on too that i still need more
education yeah but it's getting better right i mean
i mean it's it's it's absolutely getting better um and so you're still gonna have you know the the people that are you know the
organizations and individuals that are behind but i think as a whole that you know we are you know moving forward i think
there's there's certainly a lot of momentum that that america has made in general and the
companies here that we see have made in general to move toward a more secure environment and to be more careful with
their with their customer data whether they wanted to or not i mean there's been a lot of cyber attacks i mean it just it when you see your when you see
your when you see your neighbors houses you know get toilet paper it makes you like want to stand guard you know you
know it's like you're like wow you just got toilet paper we need to really start putting out the full-size candy bars you
know what i mean like you know it makes you it just makes you want to be aware right um it's like yeah
well jim only put out the little you know the little halloween the little one of those little triangle things the
cones the cones or whatever those things are they're terrible um
candy corns candy corns that's what they are he only put out the candy corns look what they did to his house
i have a single candy corn i forgot about those i didn't have a single one this halloween man i feel like i missed
the whole season well you know we talked about that company that got hacked that makes candy corns a couple weeks ago so
maybe that's why that's true that's funny you know i didn't want to interrupt you when you were given the news last week but since
we're having to kind of you know you know fend for yourself today um i uh i i
think that was great i was thinking that my back of my head too i was like i wonder because it's like the most horrible halloween
like we need to stop the kids from getting this candy because we have we have a group of individuals that think
that all the kids want that we need to stop it my daughter i was not that i was
perusing through her halloween candy or anything would never do that but i don't know if if i if i did
um you know just looking for maybe like maybe uh um a twix or something like that i
came across a bunch of milk duds and i couldn't believe people still give those out
but maybe there's still some things you know in the time it took you to poison your body with milk duds you
could have lost to me in fortnight whatever yeah that's true that's about
all the time it would take 15 seconds but uh but yeah that would have been better for
you a bit of north more healthy that's true that's true not better for
my emotions though
no there are dances in that game to give you emotional um outreach when you're done so yeah
i think i'm i'm excited about what's to come because we've we've got this so
cyber security industry you could you could say is is brand new
relatively speaking to like the automotive industry or the pharmaceutical industry or you know
commodities out there on to farming and stuff like that but uh with that we're going to get people that
come into the profession uh as technical individuals grow up in it become cisos i
think that's going to certainly provide you know more talent more capability for the the nation
as a whole which is awesome we just we got to get on the same page about some some standards
like you were saying mike about compliance right we got to get everybody on board with some
holistic security frameworks to protect the whole organization not just segments of data
and i think once we can do that we'll we'll we'll achieve some good things but and i think the next thing to come
is and it's already forming is it and i think they go very much hand in
hand but uh the industry around uh disinformation uh counter you know
countering disinformation that sort of thing i think we'll start to get more organizations popping up that deal in
that business and then um counter intelligence stuff rights for
helping companies that are you know potentially hiring malicious actors
uh you know threat actors and that sort of thing unknowingly right um so that i could see some new
some you know newer industries popping up as a result of just the necess necessity i mean it's unfortunate that
any of this has to exist but just out of necessity it's going to create jobs for people opportunity and i think
it's going to make us stronger as a nation well yeah and you know i think that i think it will too and i think that
you know it's somebody has to you know i think disinformation might be a cyber security problem um you know and you know keeping keeping
data integrity high prevents that that sort of you know that sort of capability right you're always
going to have you know the psyops sort of situation happening but if your data
is irrepeatable then you know it's it's easy to go back and point to that right and and so it i think you're right i
think you'll see you know they'll see areas grow in that in those spaces trying to try to tackle
that that you know kind of disinformation problem yeah absolutely
there's a lot of a lot of um going back to the you know schools and
students and that sort of thing too i think that out of necessity um unlike
any other industry that i know of that i'm aware of
people are going to be growing up within organizations and and probably
uh advancing in their um jobs and their responsibilities and
leadership quicker than than other businesses and i mean we certainly see that in our own business right bringing
up people giving them skill sets um right and and and really helping them grow
and i think a lot of other organizations are you know that that aren't doing maybe aren't doing the same thing will
certainly over the next five years start out again out of necessity bringing people up
advancing people quicker through their career paths um so long as they have the you know the attitude and the aptitude
to do it um they'll um we'll see see a lot of growth
so it's going to be a great great industry for people for a long long time
in the industry too same yeah just yeah there's there's you
know all you know i think all genders need to you know be involved in this you know
but we you know this has been an industry that has been most heavily male absolutely and so to have have more
female technicians and more female coders would just be great they have better attitudes towards the stuff they do too no offense guys i
think women look at code differently than men i mean i think you'd see a lot of advances coming if women coders were
i don't know i i i just had the perspective that they you know the way that you rolled slightly differently
than man well they got us to the moon and saved a whole bunch of pilots and that whole bit right so yeah yeah i
think maybe we should yeah we should be encouraging them to be in cyber security probably probably help us a whole lot
you know what i mean yeah yeah there's there's and there's certainly i've seen more groups pop up
around that too i i don't know the statistics if anybody listening knows or has any insight to this or or
is an expert in it and would like to join us on the show we'd love to have you but um that's something i don't i
don't see a lot of as you know what are the percentages um of uh of women coming
into the industry what what is it growing um you know that sort of thing and just people in general i mean i i'd
be interesting to see how many people are transitioning from other career fields into cyber security i just it's
not something i've looked into recently um so be curious to see what the latest latest metrics are i'm making
assumptions based off of what we see and who we talk to right but that's a that's a limited
limited scope limited vantage point so i'd be interested in uh again if you're out there uh listening give us your
comments feedback and um you know if you if you're an expert in this this particular area of kind of the
metrics behind what's going on with with talent we'd love to hear from you yeah i've
seen a lot of cyber women in cyber security management and project management what i haven't seen is a lot
of coders and security analysts and you know firewall attacks
yeah i think i think maybe the you know they're i think a lot is driven towards the gaming industry and so i
think if we look at that industry then i think you certainly have a really probably a pretty good solid female
demographic there for for the workforce just because of um you know the ability to really use
your imagination and so those art driven those are different individuals you know kind of if they want to get into tech
and coding they lean more towards that that gaming visual arts type area right and so maybe hope hoping
maybe some of those in their spare time will want to come over to cyber security right because um you know you can it's
it's pretty easily translatable right the the the precision that you need to create um
that art also is you know the same could be said about the code used to you know build a you know sas application for an
organization right so um hopefully we'll see or at least to audit it right um and so i think
i think i'm hoping in the future that the need will be so great in cyber security um for talent of all types that they'll
they'll hopefully be driven over from that industry at least maybe even part-time we'll cross a lot of
traditional business uh hurdles to in this industry and are doing it already because
we can hire people um on a fractional basis on a part-time basis as an industry with specific skill
sets and allow people i mean cyber security people have worked at home you know forever it's not it's not a new
thing in this industry but i think with the you know the new kind of new way of working
people want flexible hours flexible schedules they want to be measured by you know results not just punching the
clock and this industry absolutely allows that so we'll get people that um you know maybe uh maybe single parents
for example that are that are at home and and they need to watch the kids and they need to work certain hours um this
is this industry provides a lot of opportunity that they that they could take advantage that maybe other um a lot
of other industries would would um they'd have to shy away from because it would take them away from their more
important you know duties with their you know watching their kids and family so um there's a lot of flexibility here i
think we're gonna see that that grow and as a result two we're gonna see you know more and more talent enter
uh for that reason over time so it's not certainly not something that will happen overnight but
i mean i think you know as what much as we rant about the um things that
should be changed and how people should change their thinking and that sort of thing that's really for awareness but
i believe we're we're headed in the right direction a lot more to do but as long as we keep the course
we will prevail absolutely yeah absolutely that being said not to be debbie downer but the
head of the pentagon's ai department quit because he said we're so far behind the chinese there's no point
so nobody likes a quitter yeah somebody somebody else
he got paid to say that by the chinese what a that's what happened he couldn't he walked money
he believed their psyops campaigns right yeah did he stand up for himself and if
he did himself then i know more than music he got paid he brought in this new innovative
software called windows 95 and that's wanted to get it deployed
well well yeah i mean imagine imagine if there was like uh commanding generals oh
well this uh we can't we're i'm just gonna quit because it's too hard to fight the taliban
you know i mean that's like the same thing that's so that person needs to be out of there and
uh guns are loud i don't i don't like them so i'm gonna i'm not gonna be a
four-star general anymore like if that ever happened we'd be the country would be up in arms but
so i'm not gonna help i'm just gonna i'm just gonna quit oh you guys take care of it that's good
that's uh man hope that will never beat the chinese i heard once they had television
color color television color television wow well that said we're coming up on time any
any other snarky remarks before we jump off yeah i got one snarky remark for
everybody out there who's wondering well i know you heard laura and zach and mike talk about getting into cyber security
i'd really like to see a lot more organizations open up internships for um for individuals that have a desire to
be in this industry so if you're if you're out there listening and you you run an organization and you have even
just one cyber security person um that's doing your work for you and even if he's the i.t person too you should still open
up an internship to let some of the youth come in and that want to play a part in this
and um allow them to be a part of that and to learn this quicker than they can maybe going through college
so i'd i'd certainly like to see you do your parts that's my along those lines and you want the
people that want to do it not people that are uh want to be mercenaries you're like oh cyber security looks like a good field so i can go make money i
want to go do this because that is not the person that's going to you know i mean when money is their sole driving
factor that's necessarily what the best person for the job you weren't passionate about
absolutely that's what happened to the medical profession excellent point excellent point well great thank you all for joining us
hope you found this episode interesting hope there there was some good information here or at least things to
to consider or think about and um you're always welcome to leave us your comments uh
cyberrankspodcast.com or reach out on linkedin uh and we are we are there we want to
hear from you and um if you haven't subscribed of course subscribe love
love that as well help get the show around to more people and get this information out there because the world
needs to know more about cyber security and that's why we're doing what we do so have a great rest of your day and we
will see you on the next episode pick up your copy of the cyber ants book
on amazon today and if you're looking to take your cyber security program to the next level visit us online at
www.silentsector.com join us next time for another edition of
the cyber rants podcast [Music]
you